Cisco Systems 7600 SERIES manual Configuring MAC Move Notification, 23-22

Page 22

Chapter 23 Configuring Network Security

Configuring MAC Move Notification

When configuring unicast flood protection, note the following syntax information:

Use the limit keyword to specify the unicast floods on a per source MAC address and per VLAN basis; valid values are from 1 to 4000 floods per second (fps).

Use the filter keyword to specify how long to filter unicast flood traffic; valid values are from 1 to 34560 minutes.

Use the alert keyword to configure the system to send an alert message when frames of unicast floods exceed the flood rate limit.

Use the shutdown keyword to configure the system to shut down the ingress port generating the floods when frames of unicast floods exceed the flood rate limit.

This example shows how to configure the system to filter unicast flood traffic for 5 minutes and set the flood rate limit to 3000 fps:

Router(config)# mac-address-table unicast-flood limit 3 vlan 100 filter 5

Router # show mac-address-table unicast-flood

Unicast Flood Protection status: enabled

Configuration:

 

 

 

 

vlan

Kfps

action

timeout

 

------+

----------

+-----------------

+----------

 

100

 

3

filter

5

 

Mac filters:

 

 

 

 

No.

vlan

souce mac addr.

installed on

time left (mm:ss)

-----+------

+-----------------

+------------------------------

+------------------

Router(config)#

Configuring MAC Move Notification

When you configure MAC move notification, a message is generated when a MAC address moves from one port to another.

Note The MAC address move notification feature does not generate a notification when a new MAC address is added to the CAM or when a MAC address is removed from the CAM.

To configure MAC move notification, perform this task:

 

Command

Purpose

Step 1

 

 

Router(config)# [no] mac-address-table

Enables MAC move notification globally.

 

notification mac-move

 

Step 2

 

 

Router# show mac-address-table notification

Displays MAC move notification information.

 

mac-move

 

 

 

 

 

Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E

23-22

78-14064-04

Page 21 Page 23
Image 22
Page 21 Page 23
Contents This chapter consists of these sections ACL Configuration Guidelines23-1 Hardware and Software ACL Support 23-2Determining Layer 4 Operation Usage 23-3More detailed example follows Configuring the Cisco IOS Firewall Feature SetDetermining Logical Operation Unit Usage 23-4Cisco IOS Firewall Feature Set Support Overview 23-5Restrictions Firewall Configuration Guidelines and RestrictionsConfiguring Cbac on Cisco 7600 Series Routers GuidelinesConfiguring MAC Address-Based Traffic Blocking 23-7Vacl Overview Configuring Vlan ACLsUnderstanding VACLs 23-8Same interface VACLs and Cbac cannot be configured on the same interfaceBridged Packets Igmp packets are not checked against VACLsRouted Packets 23-10Multicast Packets Configuring VACLsThese sections describe configuring VACLs 23-11To define a Vlan access map, perform this task Vacl Configuration OverviewDefining a Vlan Access Map 23-12Deletes the match clause in a Vlan access map sequence Configuring a Match Clause in a Vlan Access Map SequenceConfigures the match clause in a Vlan access map sequence 23-13Applying a Vlan Access Map Configuring an Action Clause in a Vlan Access Map Sequence23-14 Vlan Access Map Configuration and Verification Examples Verifying Vlan Access Map Configuration23-15 Configuring a Capture Port 23-16Configuring Vacl Logging 23-17Configuring TCP Intercept 23-18Understanding Unicast RPF Support Configuring Unicast Reverse Path ForwardingConfiguring Unicast RPF Enabling Self-PingingConfiguring the Unicast RPF Checking Mode 23-20This example shows how to verify the configuration Configuring Unicast Flood Protection23-21 Configuring MAC Move Notification 23-2223-23 23-24
Related manuals
Manual 74 pages 38.06 Kb
Top Page Image Contents